Saturday, September 07, 2013

Exposed: NSA's War on Encryption

Exposed: NSA's War on Encryption

Posted 09/07/2013 at 5:41pm
by Pulkit Chandna

Leaked documents expose NSA's war on encryption

Agency capable of cracking most online encryption

Who owns the Internet? That is one question humanity hasn’t been able to answer with any degree of certainty hitherto and things are unlikely to change anytime soon. Now, it may be difficult for us to say who truly controls the Internet, but we can definitely tell you who’s currently behaving like they are the ones who own it.

Thanks to Edward Snowden, skeletons are tumbling out of the National Security Agency’s closet almost on a daily basis. And if you think you have already seen the most shocking bits of the this whole surveillance scandal pass you by, brace yourselves for you’re about to get shocked on a massive scale once again.

According to recent reports published by The Guardian and the New York Times, the National Security Agency and its British chum the Government Communications Headquarters (GCHQ) have “cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails.”

The documents accessed by the two media outlets reveal that, at the turn of the century, the NSA began pouring in billions of dollars into a furtive program codenamed “Bullrun”. Aimed at defeating online encryption, it stumbled on a major breakthrough 10 years later, in 2010, when the agency acquired the ability to decrypt “vast amounts of Internet data” that had been considered unexploitable up until that point. The fact that the agency has made great strides in its war against encryption is clear from an internal GCHQ memo which describes those briefed about the the NSA’s eavesdropping repertoire for the very time as feeling “gobsmacked.”

The most worrying bit, though, is that the agency owes a lot of its eavesdropping capabilities to its success in secretively influencing tech companies to alter their product designs, "insert vulnerabilities into commercial encryption systems” and weaken security standards. All these activities are part of the SIGINT (signals intelligence) Enabling Project, a program the NSA has spent around $800 million on since 2011.

Although none of the companies that the NSA has been able to successfully influence are named in the documents, it is now known that its British counterpart, GCHQ, is keenly working on “understanding" Hotmail, Google, Yahoo and Facebook. In fact, in a quarterly update from last year, GCHQ seemed particularly excited about some new “access opportunities” where Google was concerned.

All the above-named companies, save for Facebook, have now issued statements on these new revelations. Microsoft says it is seriously concerned and will press the government for answers. Meanwhile, Google says it hasn’t seen any evidence of its security systems being circumvented in any way and insists that “the security of our users' data is a top priority.”

No comments: